fix: allow multiple values in the secretResourceNames slice
justinrush committed Jun 19, 2024
1 parent b159d48 commit 24978e8
Showing 2 changed files with 22 additions and 2 deletions.
4 changes: 2 additions & 2 deletions traefik/templates/rbac/clusterrole.yaml
Expand Up @@ -37,8 +37,8 @@ rules:
- ""
resources:
- secrets
{{- if gt (len .Values.rbac.secretResourceNames) 0 }}
resourceNames: {{ .Values.rbac.secretResourceNames }}
{{- with .Values.rbac.secretResourceNames }}
resourceNames: {{ toYaml . |nindent 6 }}
{{- end }}
verbs:
- get
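Review bot: the `resourceNames: {{ toYaml . |nindent 6 }}` line renders whatever type `.Values.rbac.secretResourceNames` holds, so a value supplied as a plain string instead of a list passes the `with` guard and comes out as a scalar under `resourceNames:`, which is not a valid list for an RBAC rule. Consider failing the render when the value is not a list (a `kindIs "slice"` check with `fail`, or a values schema entry). The values documentation should also state that an empty list makes `with` skip `resourceNames` entirely, so the rule then covers every secret. Style: write `| nindent 6` with a space after the pipe.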
20 changes: 20 additions & 0 deletions traefik/tests/rbac-config_test.yaml
Expand Up @@ -581,6 +581,26 @@ tests:
- get
- list
- watch
- it: ClusterRole should allow get, list, watch access only to multiple secrets listed in secretResourceNames if not empty
set:
rbac:
secretResourceNames: [traefik-tls-cert, some-other-cert]
asserts:
- template: rbac/clusterrole.yaml
contains:
path: rules
content:
apiGroups:
- ""
resources:
- secrets
resourceNames:
- traefik-tls-cert
- some-other-cert
verbs:
- get
- list
- watch
- it: Role should allow get, list, watch access to every secret if secretResourceNames is empty
set:
rbac:
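Review bot: the new case asserts only against `rbac/clusterrole.yaml`, while the next test in the file (`Role should allow get, list, watch access to every secret if secretResourceNames is empty`) shows that the namespaced Role is driven by the same value. This commit changes only the ClusterRole template, so check whether the Role template renders `resourceNames` the same way, and add a matching multi-value case for it. The description would also read more clearly as "only to the secrets listed in secretResourceNames" than "only to multiple secrets listed".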